Thursday, July 20, 2017

SC: Tough to define ‘privacy’ in net age

Just the act of operating an iPhone or iPad which uses fingerprints to open the device and allows the operator to store the impression and such actions, along with sharing of personal data by people on social network sites, makes defining breach of privacy a challenging task, the Supreme Court observed on Friday.

With India overtaking the US in the number of internet and mobile phone users, petitioners on Thursday prodded the Supreme Court to examine right to privacy in the digital world where users' data is shared without regulation.

Senior advocate Sajan Poovayya made an appealing presentation on the dangers in the web world on breach of privacy of individuals and their profiling based on habits, credit card purchases and social network messages.

GPS-enabled smart phones could record each and every movement of individuals and use this data to find out places frequented by the individual, senior advocate Sajan Poovayya said and asked: "Would this not amount to breach of privacy?" He said US has 22 crore internet users and 32 crore mobile phone users. In contrast, India has 35 crore internet users and 118 crore mobile phone users. "Digital reputation is as important as physical reputation," he said.

Justice D Y Chandrachud, part of the nine-judge bench headed by CJI J S Khehar, said: "Unlimited volume of data is shared every minute and these must be getting analysed. A possible way out in this vastness for protection of privacy could be that the government must specify the purpose for collection of personal details and ensure that it was used for that specified purpose only."

A nine-judge Constitution Bench of the Supreme Court, hearing the second day of arguments Thursday to determine whether right to privacy constitutes a fundamental right under the Constitution, sought to know why citizens were uneasy to share personal information with the State when they had no problem doing so with private players.

“When someone uses an iPhone or iPad with fingerprint login, their personal details are already in the public realm… Is there something qualitatively different when the State does the same (seek personal information),” Justice D Y Chandrachud, one of the judges on the bench headed by Chief Justice of India J S Khehar, asked senior counsel Sajan Poovayya who was appearing for the petitioners.

Poovayya replied that the problem was not with sharing information, but the absence of checks and balances to ensure safety of the data. “State can’t be entrusted with citizens’ data without proper oversight being there. Declaring right to privacy a fundamental right is the first step towards ensuring oversight,” he said. He also referred to app-based cab service providers like Uber collecting user information, saying it amounted to tracking. This made the court ask if privacy will be violated if the State tracks a terror suspect and uses data for security purposes.

“If the State tracking is in apprehension that a person may be involved in terrorism, then can the State use that data,” the bench asked. Poovayya replied that the State could do that “but there can be limitations by law”. The bench then said, “At what stage do we apply this rule, while collecting data or while using it? Because if we say while collecting data, then even the State will be able to collect data only after a terror act.”

Poovayya said there is fear of data collected by the State going into private hands and its misuse. He said it may also be misused by governments when regimes change. “The question is whether surrendering of details deprives one of the right to privacy. Surrender of information to some is not surrender of information to all. So if I give biometric data to the State, it should be used only for the purpose for which I gave it,” he said, adding this can only be ensured by laying down that privacy is a fundamental right. He said it is not necessary to fix the contours of the right as of now since it will evolve from case to case.

Justice J Chelameswar, one of the judges on the bench, then said it will be better to lay down some, if not all, the contours of the right to privacy if the court decides that it is a fundamental right. If the State is unable to protect data, then it should also stop collecting it, said Poovayya and referred to the UK instance of destruction of biometric data gathered by agencies.

The question of privacy had come up during the hearing of petitions challenging the Constitutional validity of the Aadhaar scheme. On Tuesday, while referring to two earlier judgements — by an eight-judge bench in the M P Sharma case of 1954 and by a six-judge bench in the Kharak Singh case of 1962 — the government pointed out that the apex court had ruled in these matters that there was no right to privacy in the Constitution. The nine-judge bench was set up to examine the correctness of these judgements.

Other judges on the bench are Justices S K Kaul, R K Agarwal, S A Bobde, R F Nariman, S Abdul Nazeer and A M Sapre. Earlier in the day, Justice Kaul wanted to know if right to privacy was available even against private parties, then would it not infringe on the freedom of others.

Justice Chandrachud sought to add to this, saying if the right to privacy was available against the rest of the world and not just against State action, “then it imposes a corresponding obligation on the State to make regulations to protect that right”.

“The State is required to ensure that the data given to a private player complies with the regulatory framework put in place by the State. The State cannot throw up its hands and say I will not do anything,” he said. Senior counsel Anand Grover, also representing the petitioners, said international conventions to which India is a signatory recognise the concept of human rights and that privacy, which flows from dignity, is a basic ingredient of human rights.

Justice Chandrachud then asked to what extent can one assert privacy rights to suppress one’s identity: “While applying for a passport, can someone say they will not furnish the information asked for? Can someone who adopted a child be compelled to disclose the name of biological parents? Can we deny passport to a single mother if she does not want to disclose the name of the child’s father?”.

Justice Nariman said the test could be if the State interest is compelling. “Is it in the interest of the State or is the information sought arbitrary and excessive,” he said. Justice Chandrachud referred to instances of governments collecting data and using it to find out who may be likely to commit a crime. “There, artificial intelligence is applied to profile people and find out who is predisposed to crime. That is profiling. However, if the government uses the data to disseminate economic benefits of its programmes, then it is not profiling.”

“Data cannot be used to stigmatise an HIV positive person, but it can be used to health benefits,” he added.Arguments in the matter will continue on July 25 when Attorney General K K Venugopal will speak for the government.